OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/policy/core/common/cloud/cloud_policy_validator.h" | 5 #include "components/policy/core/common/cloud/cloud_policy_validator.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
255 | 255 |
256 for (size_t i = 0; i < arraysize(kCheckFunctions); ++i) { | 256 for (size_t i = 0; i < arraysize(kCheckFunctions); ++i) { |
257 if (validation_flags_ & kCheckFunctions[i].flag) { | 257 if (validation_flags_ & kCheckFunctions[i].flag) { |
258 status_ = (this->*(kCheckFunctions[i].checkFunction))(); | 258 status_ = (this->*(kCheckFunctions[i].checkFunction))(); |
259 if (status_ != VALIDATION_OK) | 259 if (status_ != VALIDATION_OK) |
260 break; | 260 break; |
261 } | 261 } |
262 } | 262 } |
263 } | 263 } |
264 | 264 |
265 // Verifies the |new_public_key_verification_signature| for the |new_public_key| | 265 // Verifies the |new_public_key_verification_signature_deprecated| for the |
266 // in the policy blob. | 266 // |new_public_key| in the policy blob. |
267 bool CloudPolicyValidatorBase::CheckNewPublicKeyVerificationSignature() { | 267 bool CloudPolicyValidatorBase::CheckNewPublicKeyVerificationSignature() { |
268 // If there's no local verification key, then just return true (no | 268 // If there's no local verification key, then just return true (no |
269 // validation possible). | 269 // validation possible). |
270 if (verification_key_.empty()) { | 270 if (verification_key_.empty()) { |
271 UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification, | 271 UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification, |
272 METRIC_POLICY_KEY_VERIFICATION_KEY_MISSING, | 272 METRIC_POLICY_KEY_VERIFICATION_KEY_MISSING, |
273 METRIC_POLICY_KEY_VERIFICATION_SIZE); | 273 METRIC_POLICY_KEY_VERIFICATION_SIZE); |
274 return true; | 274 return true; |
275 } | 275 } |
276 | 276 |
277 if (!policy_->has_new_public_key_verification_signature()) { | 277 if (!policy_->has_new_public_key_verification_signature_deprecated()) { |
278 // Policy does not contain a verification signature, so log an error. | 278 // Policy does not contain a verification signature, so log an error. |
279 LOG(ERROR) << "Policy is missing public_key_verification_signature"; | 279 LOG(ERROR) << "Policy is missing public_key_verification_signature"; |
280 UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification, | 280 UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification, |
281 METRIC_POLICY_KEY_VERIFICATION_SIGNATURE_MISSING, | 281 METRIC_POLICY_KEY_VERIFICATION_SIGNATURE_MISSING, |
282 METRIC_POLICY_KEY_VERIFICATION_SIZE); | 282 METRIC_POLICY_KEY_VERIFICATION_SIZE); |
283 return false; | 283 return false; |
284 } | 284 } |
285 | 285 |
286 if (!CheckVerificationKeySignature( | 286 if (!CheckVerificationKeySignature( |
287 policy_->new_public_key(), | 287 policy_->new_public_key(), |
288 verification_key_, | 288 verification_key_, |
289 policy_->new_public_key_verification_signature())) { | 289 policy_->new_public_key_verification_signature_deprecated())) { |
290 LOG(ERROR) << "Signature verification failed"; | 290 LOG(ERROR) << "Signature verification failed"; |
291 UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification, | 291 UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification, |
292 METRIC_POLICY_KEY_VERIFICATION_FAILED, | 292 METRIC_POLICY_KEY_VERIFICATION_FAILED, |
293 METRIC_POLICY_KEY_VERIFICATION_SIZE); | 293 METRIC_POLICY_KEY_VERIFICATION_SIZE); |
294 return false; | 294 return false; |
295 } | 295 } |
296 // Signature verification succeeded - return success to the caller. | 296 // Signature verification succeeded - return success to the caller. |
297 DVLOG(1) << "Signature verification succeeded"; | 297 DVLOG(1) << "Signature verification succeeded"; |
298 UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification, | 298 UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification, |
299 METRIC_POLICY_KEY_VERIFICATION_SUCCEEDED, | 299 METRIC_POLICY_KEY_VERIFICATION_SUCCEEDED, |
300 METRIC_POLICY_KEY_VERIFICATION_SIZE); | 300 METRIC_POLICY_KEY_VERIFICATION_SIZE); |
301 return true; | 301 return true; |
302 } | 302 } |
303 | 303 |
304 bool CloudPolicyValidatorBase::CheckVerificationKeySignature( | 304 bool CloudPolicyValidatorBase::CheckVerificationKeySignature( |
305 const std::string& key, | 305 const std::string& key, |
306 const std::string& verification_key, | 306 const std::string& verification_key, |
307 const std::string& signature) { | 307 const std::string& signature) { |
308 DCHECK(!verification_key.empty()); | 308 DCHECK(!verification_key.empty()); |
309 em::PolicyPublicKeyAndDomain signed_data; | 309 em::DEPRECATEDPolicyPublicKeyAndDomain signed_data; |
310 signed_data.set_new_public_key(key); | 310 signed_data.set_new_public_key(key); |
311 | 311 |
312 // If no owning_domain_ supplied, try extracting the domain from the policy | 312 // If no owning_domain_ supplied, try extracting the domain from the policy |
313 // itself (this happens on certain platforms during startup, when we validate | 313 // itself (this happens on certain platforms during startup, when we validate |
314 // cached policy before prefs are loaded). | 314 // cached policy before prefs are loaded). |
315 std::string domain = owning_domain_.empty() ? | 315 std::string domain = owning_domain_.empty() ? |
316 ExtractDomainFromPolicy() : owning_domain_; | 316 ExtractDomainFromPolicy() : owning_domain_; |
317 if (domain.empty()) { | 317 if (domain.empty()) { |
318 LOG(ERROR) << "Policy does not contain a domain"; | 318 LOG(ERROR) << "Policy does not contain a domain"; |
319 return false; | 319 return false; |
560 return verifier.VerifyFinal(); | 560 return verifier.VerifyFinal(); |
561 } | 561 } |
562 | 562 |
563 template class CloudPolicyValidator<em::CloudPolicySettings>; | 563 template class CloudPolicyValidator<em::CloudPolicySettings>; |
564 | 564 |
565 #if !defined(OS_ANDROID) && !defined(OS_IOS) | 565 #if !defined(OS_ANDROID) && !defined(OS_IOS) |
566 template class CloudPolicyValidator<em::ExternalPolicyData>; | 566 template class CloudPolicyValidator<em::ExternalPolicyData>; |
567 #endif | 567 #endif |
568 | 568 |
569 } // namespace policy | 569 } // namespace policy |
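Review bot: The error text at new line 279 still reads `public_key_verification_signature`, which matches neither the old field name nor the renamed `new_public_key_verification_signature_deprecated`, so anyone triaging a rejected key rotation from logs will search for a field that does not exist. I would change it to `LOG(ERROR) << "Policy is missing new_public_key_verification_signature_deprecated";`. More importantly, CheckNewPublicKeyVerificationSignature() now rests entirely on a field marked deprecated, so the comment at 265-266 should say whether a replacement signature is checked elsewhere (none is visible in this section) and carry a TODO, so the key-rotation check is not dropped silently when the field is removed. The early `return true` at 270-275 when `verification_key_` is empty is unchanged context, but it deserves a comment stating that the new public key is accepted unverified in that case. CheckVerificationKeySignature's body continues into the skipped lines, so how the renamed `DEPRECATEDPolicyPublicKeyAndDomain` message is serialized and verified cannot be reviewed from here.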